Bug 517942 - sys-apps/rng-tools does not allow large fill-watermark for big entropy pools
Summary: sys-apps/rng-tools does not allow large fill-watermark for big entropy pools
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Göktürk Yüksek
URL:
Whiteboard:
Keywords: PATCH
Depends on:
Blocks:
Reported: 2014-07-24 08:37 UTC by cilly
Modified: 2015-07-17 21:51 UTC (History)
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments
larger poolsize patch (01_rngd.c_watermark_poolsize.patch, 1.15 KB, patch)
2014-07-24 08:37 UTC, cilly

Description cilly 2014-07-24 08:37:52 UTC
Created attachment 381484
larger poolsize patch

I built myself an rngd that lets me set the watermark higher than 4096 and that checks /proc/sys/kernel/random/poolsize for the maximum poolsize. I.e. in hardened, /proc/sys/kernel/random/poolsize is set to 16384.

By default rngd stops filling the pool at 4096 bits, leaving the larger entropy pool of hardened systems, or of systems with a larger poolsize, alone.

This patch allows rngd to use the maximum poolsize which is defined in the kernel in /proc/sys/kernel/random/poolsize.
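The poolsize-aware watermark check described above, as an added example in Python (this is not the attached patch or rngd's own code; the proc root argument and the constructed temporary `poolsize` file are assumptions so it can run offline, without a hardened kernel or root):

```python
import os
import tempfile

# Kernel default pool size in bits; also rngd's unpatched --fill-watermark cap.
DEFAULT_POOLSIZE = 4096
PROC_RANDOM = "/proc/sys/kernel/random"


def read_proc_int(path, default):
    """Read one integer from a procfs-style file, falling back to default."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


def max_watermark(proc_root=PROC_RANDOM):
    """Largest fill watermark the running kernel can honour: its poolsize.
    A hardened kernel may report 16384; an unreadable file is treated as 4096."""
    return read_proc_int(os.path.join(proc_root, "poolsize"), DEFAULT_POOLSIZE)


def check_watermark(requested, poolsize):
    """True when a --fill-watermark value fits the kernel's pool (0..poolsize)."""
    return 0 <= requested <= poolsize


def needs_fill(entropy_avail, watermark):
    """rngd's wake-up condition: feed the pool while entropy_avail is below the watermark."""
    return entropy_avail < watermark


def simulate_kernel(poolsize_value):
    """Constructed stand-in for /proc/sys/kernel/random (assumption: a temp dir
    holding a single 'poolsize' file), read back through max_watermark()."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "poolsize"), "w") as f:
            f.write(f"{poolsize_value}\n")
        return max_watermark(d)


if __name__ == "__main__":
    for size in (DEFAULT_POOLSIZE, 16384):  # default kernel vs. hardened-style pool
        cap = simulate_kernel(size)
        for requested in (2048, 4096, 8192, 16384):
            status = "ok" if check_watermark(requested, cap) else "rejected"
            print(f"poolsize={cap}: fill-watermark {requested} {status}")
```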
Comment 1 Ian Delaney (RETIRED) gentoo-dev 2015-07-17 09:31:48 UTC
  17 Jul 2015; Ian Delaney <idella4@gentoo.org> +files/larger-poolsize.patch,
  rng-tools-5-r1.ebuild, rng-tools-5.ebuild:
  patch to fix Bug 517942, sourced from Debian, attached to bug #517942 by
  cilly, also prompted by proxy maintainer
Comment 2 Göktürk Yüksek archtester gentoo-dev 2015-07-17 21:51:12 UTC
The Linux kernel doesn't allow the entropy pool size to be modified. Grsecurity used to have a kernel option to double the entropy pool size, but it has been removed:

https://grsecurity.net/changelog-stable2.txt
"""
commit c223ecf11b6afea9bcd450630eceab2c65d1d307
Author: Brad Spengler <spender@grsecurity.net>
Date:   Thu Aug 21 20:33:45 2014 -0400

    Remove GRKERNSEC_RANDNET -- it has been unnecessary for quite some
    time now, at least since get_random_bytes started to be used directly
    for filling of AT_RANDOM on each exec -- it's not really possible
    anymore to store up sufficient entropy such that this option would
    have any effect.
"""

Therefore, none of the recent systems should have an entropy pool size other than 4096. The patch isn't necessary.

@hardened: can you confirm that GRKERNSEC_RANDNET isn't supported by any of the sys-kernel/hardened-sources-*?

Feel free to re-open the bug if this is not the case.